Zing Forum


ThumbGate: A Feedback-Driven Governance Framework for AI Coding Agents

ThumbGate converts developers' 👍/👎 feedback into governance rules for AI coding agents, enabling pre-execution interception via PreToolUse hooks. It supports the MCP protocol, is compatible with mainstream agents like Claude Code, Cursor, and Codex, and offers free personal and paid team plans to help prevent repeated errors and establish secure workflow patterns.

AI coding agents, governance framework, MCP, PreToolUse, feedback-driven, Claude Code, Cursor, Codex, workflow security
Published 2026-04-10 04:41 | Recent activity 2026-04-10 04:51 | Estimated read 4 min

Section 01

ThumbGate: Feedback-Driven Governance for AI Coding Agents (Main Thread)

ThumbGate is a feedback-driven governance framework for AI coding agents. It converts developers' 👍/👎 feedback into enforceable rules, using PreToolUse hooks to intercept risky operations before execution. Compatible with mainstream agents like Claude Code, Cursor, and Codex via the MCP protocol, it offers free (personal) and paid (Pro/team) tiers to prevent repeated errors and build secure workflows.


Section 02

The Governance Dilemma of AI Coding Agents

As AI coding agents (Claude Code, Cursor, Codex CLI) grow popular, they often repeat mistakes (e.g., force-pushing to main). Traditional solutions like CLAUDE.md or .cursorrules are advisory—agents can ignore them. This creates a need for a system that turns human feedback into actionable, enforced rules.


Section 03

Core Mechanism & Technical Implementation

ThumbGate’s core flow: When an agent makes a mistake (e.g., force push), the developer gives a 👎. Next time the agent tries the same action, the PreToolUse hook triggers to block it. Key tech: PreToolUse for execution interception, MCP protocol for compatibility with agents like Claude Code, Cursor, Codex CLI, Gemini CLI, Amp, OpenCode.
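
The interception step described above, written out as an added example (not ThumbGate's code): a gate that evaluates a tool call before execution against a rule of the kind a 👎 on a force push might produce. The rule shape and the names `RULES`, `simpleCommands`, `forcedBranch` and `evaluate` are hypothetical; the `tool_name` and `tool_input.command` fields follow the input Claude Code passes to PreToolUse hooks.

```javascript
// Added illustration, not ThumbGate code: rule shape and function names are hypothetical.
// `call` mirrors the JSON a Claude Code PreToolUse hook receives on stdin.

// Constructed rule, as if distilled from one 👎 on `git push --force origin main`.
const RULES = [{
  id: "no-force-push-protected", tool: "Bash", protectedBranches: ["main", "master"],
  reason: "👎 feedback: force push to a protected branch",
}];

// Split a shell line into simple commands so `cd repo && git push -f ...` is still seen.
// Simplified tokenizer: whitespace split plus stripping of surrounding quotes.
function simpleCommands(line) {
  return line.split(/&&|\|\||;|\|/).map((part) =>
    part.trim().split(/\s+/).filter(Boolean).map((t) => t.replace(/^['"]|['"]$/g, "")));
}

// Branch a `git push` would force-update; "" if implicit; null if not a force push.
function forcedBranch(argv) {
  const pushAt = argv.indexOf("push");
  if (argv[0] !== "git" || pushAt < 0) return null;
  const args = argv.slice(pushAt + 1);
  const refspec = args.filter((a) => !a.startsWith("-"))[1] || ""; // [0] is the remote
  const forced = refspec.startsWith("+") || args.some((a) =>
    a.startsWith("--force") || /^-[a-z]*f[a-z]*$/.test(a)); // -f, -fu, --force-with-lease
  if (!forced) return null;
  // "+HEAD:refs/heads/main" -> "main"
  return refspec.replace(/^\+/, "").split(":").pop().replace(/^refs\/heads\//, "");
}

// Decide before execution. Denies on a protected target, and fails closed when the
// target is implicit (plain `git push -f`), since the hook cannot see the current branch.
function evaluate(call, rules = RULES) {
  const command = (call.tool_input && call.tool_input.command) || "";
  for (const rule of rules.filter((r) => r.tool === call.tool_name)) {
    for (const argv of simpleCommands(command)) {
      const branch = forcedBranch(argv);
      if (branch === null) continue;
      if (branch === "" || rule.protectedBranches.includes(branch))
        return { decision: "deny", rule: rule.id, reason: rule.reason };
    }
  }
  return { decision: "allow" };
}

// Constructed tool calls: the first two are denied, the last two allowed.
for (const command of ["git push --force origin main", "cd repo && git push -fu origin +HEAD:main",
  "git push --force-with-lease origin feature/login", "git push origin main"]) {
  console.log(evaluate({ tool_name: "Bash", tool_input: { command } }).decision, "<-", command);
}
```

In Claude Code, a hook script wrapping this would read the JSON from stdin and exit with status 2 on `deny`, which blocks the tool call and returns the hook's stderr to the agent.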


Section 04

Key Features: Feedback Distillation & Beyond

  1. Feedback Distillation: Captures context → refines lessons → validates rules → creates enforceable conditions (e.g., block force push to main).
  2. Workflow Sentinel: Pre-evaluates high-risk ops (PR merges, releases) for risk.
  3. Self-Distillation: Auto-generates rules from test results/rollbacks.
  4. Sandbox: Isolates risky ops via Docker.
  5. Compliance: Changeset management, semantic version checks, CI gates for auditability.

Section 05

Pricing & Advantages Over Static Rules

Pricing tiers: Free (personal: 3 feedbacks/day, 5 rules/search, 5 gates); Pro ($19/month: local dashboard, DPO export); Team ($99/seat/month: shared rules, 3-level approval). Advantage over static files: Enforced (vs advisory), auto-generated rules (vs manual), cross-session memory (vs none), shared team rules (vs individual), dynamic evolution (vs static).


Section 06

Application Scenarios & Limitations

Use cases: Prevent repeated DB migration failures, control file access (e.g., restrict CI config edits), build team safety baselines. Limitations: Does not modify LLM weights (only blocks execution), risk of overgeneralized rules (needs regular rule checks).


Section 07

Quick Start & Conclusion

Quick start: Run npx thumbgate init for self-hosted setup (configures agent type, rule storage, PreToolUse hooks). Conclusion: ThumbGate shifts AI agent governance from static to dynamic, advisory to enforced, individual to team—becoming essential for AI-assisted dev teams to ensure safe, auditable workflows.